kali构建PHP_MYSQL

配置Mysql

sudo mysql -u root //第一次可以直接进入
alter user 'root'@'localhost' identified by '123456';
create database usr;

配置PHP

进入目录:cd /etc/php/8.2/apache2

执行:sudo vim +904 php.ini
将这行代码前面的注释去除:extension=mysqli

进入到目录:cd /var/www/html/
创建以下文件:vim TestConn.php
TestConn.php测试文件代码

<?php
// 启用错误报告
error_reporting(E_ALL);
ini_set('display_errors', 1);// 数据库配置
$servername = "localhost";
$username = "root";
$password = "123456"; // 替换为实际密码,修改密码命令,alter user 'root'@'localhost' identified by '123456';
$dbname = "usr"; // 替换为实际数据库名,需要自己创建,命令,create database usr;try {// 创建连接$conn = new mysqli($servername, $username, $password, $dbname);// 检查连接if ($conn->connect_error) {throw new Exception("连接失败: " . $conn->connect_error);}// 设置字符集if (!$conn->set_charset("utf8mb4")) {throw new Exception("字符集设置失败: " . $conn->error);}echo "MySQL连接成功！服务端版本: " . $conn->server_version;// 关闭连接$conn->close();
} catch (Exception $e) {die("数据库错误: " . $e->getMessage());
}
?>

配置apache2服务器

进入目录:cd /etc/apache2/
修改文件:sudo vim +174 apache2.conf
直接添加以下内容

<Directory "/var/www/html">Options Indexes FollowSymLinksAllowOverride AllRequire all granted</Directory>DirectoryIndex index.php index.html:ml-citation{ref="2,3" data="citationList"}AddType application/x-httpd-php .phpAddHandler php7-script .php LoadModule php_module modules/libphp.so

测试

先执行这个DROP掉系统的RST包sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP

from scapy.all import *
import random
import timetarget_ip = "127.0.0.1"
target_port = 80
source_port = random.randint(1024, 65535)ip = IP(dst=target_ip)
syn = ip / TCP(sport=source_port, dport=target_port, flags="S", seq=1000)
syn_ack = sr1(syn, timeout=2, verbose=0)if not syn_ack or not syn_ack.haslayer(TCP):print("未建立TCP连接。")exit()server_seq = syn_ack[TCP].seq
server_ack = syn_ack[TCP].ack# 第三次握手
ack = ip / TCP(sport=source_port, dport=target_port, flags="A", seq=server_ack, ack=server_seq + 1)
send(ack, verbose=0)# 构造HTTP请求
http_get = "GET /TestConn.php HTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: close\r\n\r\n"
http_payload = http_get.encode("UTF-8")
get_request = ip / TCP(sport=source_port, dport=target_port, flags="PA", seq=server_ack, ack=server_seq + 1) / http_payload
send(get_request, verbose=0)# 接收所有响应数据段
response_data = b""
seq = server_ack
timeout = time.time() + 5  # 最多等待5秒while time.time() < timeout:pkt = sniff(filter=f"tcp and src host {target_ip} and port 80", count=1, timeout=1)if not pkt:continuetcp = pkt[0][TCP]if tcp.sport == target_port and tcp.dport == source_port and tcp.haslayer(Raw):payload = bytes(tcp[Raw].load)response_data += payload# 发送ACK回执ack_pkt = ip / TCP(sport=source_port, dport=target_port, flags="A",seq=tcp.ack, ack=tcp.seq + len(payload))send(ack_pkt, verbose=0)# 打印HTTP响应
#if response_data:
#    print("=== 服务器完整响应内容 ===")
#    try:
#        print(response_data.decode("utf-8", errors="ignore"))
#    except Exception:
#        print(response_data)
#else:
#    print("未接收到HTTP响应数据。")

效果图

浏览器

wireshark